back to article One per cent of all websites probably p0wned each year, say boffins

Researchers working on a technology to detect unannounced data breaches have found, to their dismay, that one per cent of the sites they monitored were hacked over the previous 18 months. University of California San Diego researcher Joe DeBlasio, who conducted the study under professor Alex Snoeren said the number was …

  1. Anonymous Coward
    Anonymous Coward

    Nice study, nice technique. The interesting part here is that they specifically did not release the cracked sites as the subjects did not volunteer to participate in the study. Would that more had similar ethics. Here's looking at you, Facebook. Jus' sayin'.

    1. Randy Hudson

      Thumbs for the optative subjunctive.

    2. Anonymous Coward
      Anonymous Coward

      I bet the vast majority of compromised sites were running Linux. They are about 4-5 times more likely to get hacked than an internet facing Windows Server these days.

      1. Anonymous Coward
        Anonymous Coward

        I don't suppose the AC has any stats to back that up? Of course not, he gets his 'facts' from the same place as Breitbart, no doubt!

        1. bombastic bob Silver badge

          he gets his 'facts' from the same place as Breitbart CNN and MSNBC, no doubt!

          Fixed it for ya!

  2. Anonymous Coward
    Anonymous Coward

    What percentage of these were sold? I'm sure there are some nefarious people that sell off their own data on users.

    1. bombastic bob Silver badge

      "What percentage of these were sold"

      I would also be interested in seeing the kinds of spam-mailings they received (and from whom, and what the privacy policies were supposed to be, etc.).

  3. Bronek Kozicki

    Interesting technique

    Create unique email address (i.e. the user name that is hard to guess even by brute force, as-if good password) and use easily guessable password for that one. Create another unique email address, but with a strong password. If first account was breached, that means the email leaked (or email + easy password hash). If second was breached, that means plain text password leaked. I would be interested if such monitoring of websites was standard and users were informed of results.

  4. Alan J. Wylie

    Not to be confused

    with Tripwire the company or their file integrity monitoring product.

    1. Anonymous Coward
      Anonymous Coward

      Re: Not to be confused

      .. who used to have the most glorious vulnerability posters ever.

      That was bloody good marketing IMHO.

  5. Anonymous Coward
    Anonymous Coward

    What I don't understand

    Why would someone who gets the passwords test them out by logging in with them? If the Reg was hacked, why would the hackers login with all of our accounts to test them? If you test a few you know they work, and testing them all would probably set off alarms with some. Plus it isn't like having control of a lot of accounts at a place like this is of any use to anyone.

    Now if it was a bank or something, sure, then it would be something they'd test because they'd want to use them.

    If they're really seeing 1% of their accounts get logged in to, the real percentage of compromised sites may be much higher!

    As for the "well known American startup", that sure sounds a lot like Uber. Another "feather" in their cap...

    1. Mark 85

      Re: What I don't understand

      Plus it isn't like having control of a lot of accounts at a place like this is of any use to anyone.

      True up to a point but many people reuse their login names and passwords. So it's worth the time for the bad guys to test them, not just "here" but over "there" and "there".....

  6. sloshnmosh


    DeBlasio and Snoeren notified the security teams at the 19 sites in their sample that had suffered breaches (they said those included “a well-known American startup with more than 45 million active users”).

  7. Michael Wojcik Silver badge

    Rounding down a bit, are we?

    The title says "each year", but the article and the university's announcement both say the study determined nearly 1% were hacked over an 18-month period.

    It's been a long year, figuratively, but I'm pretty sure chronologically it was the usual number of months.

    Still, as others have said, it's a nice study and methodology. Nothing astounding but often the useful results aren't.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like